On 09.04.2014 23:54, Victoriano Giralt wrote:
> I'd like to 'hear' Wietse's and Victor's opinion on how could this nasty bug
> affect a TLS service like submission?
>
> I suppose that the answer would very well be that "it depends on the
> availability of exploits", but ...

in doubt *any* service running with OpenSSL is affected and you should be advised to replace all used certs / private keys on any server

that might sound harsh - but i did that yesterday for any of our sites, services and customer websites and still feel insecure if apache httpd-prefork was not affected by the impact leaking post-data like user logins, apache upstream is also not 100% sure

so at least change your keys, any CA which does not allow you to change your certs for free at this time can be treated as unusable and insecure, even with Thawte, which is one of the worst, not supporting SHA256 until now, this is no problem